package com.aqgj.shiro;

import com.alibaba.fastjson.JSONObject;
import com.aqgj.util.JsonWrapper;
import org.apache.shiro.web.filter.authc.UserFilter;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;

/**
 * ajax shiro session超时统一处理
 * 
 * 参考：http://looooj.github.io/blog/2014/06/17/shiro-user-filter.html
 * @author March_CD
 *
 */
public class ShiroAjaxSessionFilter extends UserFilter {

	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
		HttpServletResponse res = WebUtils.toHttp(response);
		res.addHeader("Access-Control-Allow-Origin", "http://www.aqjtw.com");
		res.setHeader("Access-Control-Allow-Credentials", "true");
		String temp=JSONObject.toJSONString(JsonWrapper.failureWrapperMsg("session过期或未登录"));
		PrintWriter out= res.getWriter();
		res.setStatus(400);
		res.setHeader("content-type","text/html;charset=UTF-8");
		out.print(temp);
		out.close();
		return false;
	}

}